Allowing ICQ

[BarryStiefel]

Allowing ICQ



Note that the following information was based on information available from http://www.icq.com/icqtour/firewall/netadmin.html on 19 November 2002. You may wish to check this page for the latest instructions.

Client to server Communication is done via port 5190 to login.icq.com. Note that login.icq.com resolves to multiple IP addresses, so you will need to perform an nslookup to determine what IP addresses it resolves to. Windows and some Unix implmentations of nslookup only show one IP address even when multiple IPs are possible.

Client to client communication uses tcp high ports (i.e. all ports above 1024). If you allow clients to initiate "any" service outbound, then client to client communication will work. If you don't feel comfortable with this configuration, you can restrict the client to specific "listening" ports. This will be compatible with static NAT, but not HIDE NAT.

In a HIDE NAT configuration, your users will need to configure their clients to "Use Server Proxy Settings" and it will not be possible to initiate a direct communication to other users in a similar configuration.

-- GuyR - 18 Jan 2004

FAQForm FAQs.Class: ServicesFAQs FAQs.OS: FAQs.Version: